ship threshold based on high-risk status, the financial institution is now in the
position of deciding whether failure to respond to a re-certification request is
ample cause to close the relationship, even though the beneficial ownership
information currently on file may be totally accurate. In short, financial institutions need to be wary of setting trigger events that are admirable in intent but
difficult to consistently practice and monitor, particularly if the trigger event sets
an expectation beyond those in the CDD rule itself. (The second set of FAQs
relevant to the CDD rule does make it clear that FinCEN does not expect periodic reviews absent specific risk-based concerns. Quoting from the response to
question 14, “Covered financial institutions do not have an obligation to solicit or
update beneficial ownership information as a matter of course during regular or
periodic reviews, absent specific risk-based concerns…periodic reviews are not
by themselves a trigger to obtain or update beneficial ownership information.”)
How does the concept of “permissible purpose” apply to beneficial ownership? As stated in the FAQs, “…the procedures must establish risk-based
practices for verifying the identity of each beneficial owner identified to the
covered financial institution, to the extent reasonable and practicable. The
procedures must contain the elements required for verifying the identity
of customers that are individuals under applicable customer identification
program (“CIP”) requirements.” Thus, does this mean that a financial institution can just use the same methods it currently uses to verify customer
identities with beneficial owners as well? Maybe, maybe not.
Some financial institutions rely on services that perform a check at ac-
count opening of customers’ identity and bank history using credit report
data. The usage of credit report data places such actions under the purview
of the Fair Credit Reporting Act (FCRA), which requires a “permissible
purpose” before such checks can be performed. The definition of “permis-
sible purpose” includes using the information “in connection with a credit
transaction involving the consumer on whom the information is to be fur-
nished and involving the extension of credit to, or review or collection of an
account of, the consumer”; “in connection with a business transaction that is
initiated by the consumer”; and “to review an account to determine whether
the consumer continues to meet the terms of the account.”
Thus, in the context of the FCRA, is a beneficial owner who is not also
an authorized signer, a “consumer”? Since such a beneficial owner would
not actually have control over the account relationship in question, it could
certainly be argued that he/she is not. Thus, in cases such as these, there may
be no “permissible purpose” to verify a beneficial owner’s identity using such
a service. Again, regulatory clarity on this issue is desirable.
It should be stated that there is no apparent prohibition on using services
that do not use credit report data in an attempt to verify the identity of
beneficial owners. Similarly, if a financial institution relies on documentary
verification—such as collection and review of one or more forms of primary
identification—for customers, that financial institution could do the same for
beneficial owners. Thus, identity verification methods for beneficial owners
still exist; those methods may just not be the same that are used for customers.
Practically, for financial institutions that rely on services using credit report
data at account opening, steps will need to be taken to ensure that only signers
and the legal entity itself are submitted to the service for identity verification.
If CIF records are created for all parties at once and then submitted with
the push of a button, the financial institution will need to consider how to
exclude the CIF records for the beneficial owners from that submission (and
then how to recognize that alternative identity verification procedures will
still need to be performed for the beneficial owners).
The second set of FAQs relevant to the CDD rule (published April 4, 2018)
were certainly beneficial in clarifying some of the issues discussed above,
but implementation challenges remain. With little remaining time before the
applicability date of the rule, financial institutions are encouraged to be both
forward-thinking and practical in their application of the rule. Advanced
compliance goals that at first may seem achievable are often challenged by
the realities of day-to-day processes and procedures, and financial institutions
should be wary of setting a goal of exceeding compliance expectations that
not only fails but results in unnecessary demands and inconsistent results.
As compliance professionals have learned over the years, establish a plan
that includes evaluation of the pitfalls and uncertainties and then implement
the plan. Adjust to subsequent guidance and interpretation as they occur.
Waiting until everything is clear is not a very workable option. ■
ABOUT THE AUTHOR
CHRIS SIMPKINS, CAMS, CFE, serves as the Bank Secrecy Act (BSA)/Office of
Foreign Asset Control (OFAC) Officer for Arvest Bank, having been in that role for
approximately 14 years. Chris joined Arvest with its acquisition of Superior Bank
(formerly Superior Federal Bank) in 2003, where Chris was serving as Superior’s
Audit Manager and had been a part (and at times, the entirety) of its Internal Audit
department since 1992. Within both roles, Chris has worked a variety of internal
fraud cases. Chris has achieved the certifications of Certified Public Accountant
(CPA–non-practicing), Certified Fraud Examiner (CFE), and Certified Anti-Money
Laundering Specialist (CAMS). Additionally, for the last four years, Chris has served
on the advisory board for the annual American Bankers Association/American Bar
Association Money Laundering Enforcement Conference—planning, moderating,
or speaking during a variety of sessions devoted to anti-money laundering issues.
He can be reached at firstname.lastname@example.org.
FinCEN’s Beneficial Ownership Rule Resources
In April, FinCEN released FAQs:
Online training specific to the new rule is available:
ABA Members can access www.aba.com/Compliance/Mem/Pages/comply_bsa_menu.aspx
where you will find a sample letter to alert customers, a sample lobby notice, FAQs, staff analysis and more.